Security vendors are stoking near-religious fears among some IT pros, creating false fears over cloud security

InfoWorld|Mar 7, 2014

As Computerworld reported, a panel at the RSA Security Conference last week agreed that, if cloud providers are vetted properly, most enterprise workloads and data are safe with those providers. This flies in the face of the common wisdom that cloud computing is inherently less secure and, thus, not a good fit when security and privacy are priorities. In fact, organizations that have already made the leap to the cloud appear mostly satisfied with cloud security, the panelists agreed.

A funny thing about misconceptions: They are typically more accepted than the facts. People cry out against "vulnerable clouds," and no one challenges their so-called facts, or lack thereof. When I've identified such falsehoods in calls or meetings, I felt as if I were pushing back on some kind of religion, where faith was both deaf and blind. Anything I would say to contradict the "fact" of the cloud's inherent vulnerability simply had to be wrong.

In the case of cloud computing, the degree (or lack) of security depends largely on how much planning you do and the technology you use. In other words, it's no different than when you implement systems on premises using traditional technologies, which are also vulnerable if they do not use the proper security approaches and mechanisms. The truth is that most of the best practices for on-premises security are applicable in the cloud as well.

Perhaps the cloud needs a PR firm that can call out these mistaken beliefs. Someone needs to shine the light of truth on the issues around cloud security. Right now, the PR is coming from the security vendors, who inflame any existing uncertainty and doubt. Maybe cloud providers need to mount a sustained correction campaign.

The truth is that cloud systems are being deployed on a daily basis. While nothing is perfect, the majority have not been hacked or had information stolen. The cloud is not less safe, and its risks are manageable. That's the word that needs to get shouted to the IT world, so we all can get back to useful work.